[oe-commits] Roy Li : net-snmp: fix for Security Advisory - CVE-2014-3565
git at git.openembedded.org
git at git.openembedded.org
Wed Dec 3 14:15:41 UTC 2014
Module: meta-openembedded.git
Branch: dizzy
Commit: 2b6d61791f6a3db9367a81acdc58486a1369f38b
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=2b6d61791f6a3db9367a81acdc58486a1369f38b
Author: Roy Li <rongqing.li at windriver.com>
Date: Tue Nov 4 14:09:29 2014 +0800
net-snmp: fix for Security Advisory - CVE-2014-3565
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
allows remote attackers to cause a denial of service (snmptrapd crash) via
a crafted SNMP trap message, which triggers a conversion to the variable
type designated in the MIB file, as demonstrated by a NULL type in an ifMtu
trap message.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3565
Signed-off-by: Roy Li <rongqing.li at windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald at mentor.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
...s-for-printing-variables-with-wrong-types.patch | 455 +++++++++++++++++++++
.../recipes-protocols/net-snmp/net-snmp_5.7.2.1.bb | 1 +
2 files changed, 456 insertions(+)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=2b6d61791f6a3db9367a81acdc58486a1369f38b
More information about the Openembedded-commits
mailing list